IN THE CLAIMS 

Please amend claims 21-24, 27-29, and 33-35. Please cancel claims 26, 32 and 38. 



1-20. (Cancelled) 

21. (Currently amended) A method of defining rights for controlling access to one or more
resources of a computer, comprising: 

receiving requests to access a resource from a process having a process path;

providing the received requests to an intrusion detection module for determining resource
access rights for the process;

observing, by the intrusion detection module, patterns of the requests from the process, 
the patterns representing normal behavior of the process; 

generating, by the intrusion detection module, a description of rights to access the 
resource by the process based on the patterns; 

receiving from the intrusion detection module, in response to providing the received
requests, description of the resource access rights for the process; and the description of the
rights to access the resource by the process; 

building a resource access table based at least in part on the description of the rights to 
access the resource, the resource access table having an ordered list of entries specifying process 
paths of processes and rights to access resources by the processes; and 

storing data the resource access table representative of the resource access rights for the 

22. (Currently amended) The method of claim 21, wherein storing the data representative of
the resource access rights for the process building the resource access table comprises: 

storing an execution path that identifies identifying and writing in the resource access 
table the process path of the process; and 

storing identifying and writing in the resource access table a directory path identifying a 
computer the resource that the process is allowed to access. 

23. (Currently amended) The method of claim 22, further comprising: 

storing identifying and writing in the resource access table a value associated with the
directory path, the value describing a type of allowable resource to be accessed by the process. 

24. (Currently amended) The method of claim 22, wherein storing identifying and writing 
the directory path comprises: 

representing the directory path of the resource using a meta-symbol. 

25. (Previously presented) The method of claim 24, wherein the meta symbol 
represents one or more items of information selected from the set consisting of: an identification 
of a user of the process accessing the resource; a path wildcard; a directory wildcard; a character 
wildcard; and a portion of a name of the resource. 

26. (Canceled) 

27. (Currently amended) A system for defining rights for controlling access to one or more 
resources of a computer, comprising: 

an interface module adapted to receive a request to access a resource from a process;
an intrusion detection module adapted to: 

receive, via an analysis module, requests to access a resource from a 
process having a process path; 

observe patterns of the requests from the process, the patterns representing 
normal behavior of the process; and 

generate a description of rights to access the resource by the process based 
on the patterns; 
an the analysis module adapted to: 

provide the received requests to an intrusion detection module for
determining resource access rights for the process;

receive from the intrusion detection module, the description of the rights 
to access the resource by the process in response to providing the received 
requests, a description of the resource access rights for the process; and

build a resource access table based at least in part on the description of the
rights to access the resource, the resource access table having an ordered list of
entries specifying process paths of processes and rights to access resources by the
processes generate data representative of the resource access rights for the
process; and

a memory module coupled to the analysis module, the memory module adapted to store 
the resource access table built by the analysis module data representative of the resource access
rights for the process.

28. (Currently amended) The system of claim 27, wherein the data representative of the 
resource access rights for the process the resource access table comprises: 

an execution path that identifies the process path of the process comprising an execution 
path of the process ; and 

a directory path identifying a computer the resource that the process is allowed to access. 

29. (Currently amended) The system of claim 28, wherein the data representative of the
resource access rights for the process the resource access table further comprises:

a value associated with the directory path and describing a type of allowable resource 
access by the process. 

30. (Previously presented) The system of claim 28, wherein the directory path comprises a 
meta-symbol. 

31. (Previously presented) The system of claim 30, wherein the meta symbol represents one
or more items of information selected from the set consisting of: an identification of a user of the 
process accessing the resource; a path wildcard; a directory wildcard; a character wildcard; and a 
portion of a name of the resource. 

32. (Canceled) 

33. (Currently amended) A computer program product having a computer-readable storage
medium having embodied thereon program code for storing instructions executable by a
processor, the instructions when executed cause the processor to: defining rights for controlling
access to one or more resources of a computer, the program code comprising:

an interface module adapted to receive [[a]] requests to access a resource from a process 
having a process path;

an analysis module adapted to: 

provide the received requests to an intrusion detection module for determining resource 
access rights for the rights to access the resource by the process; 

observe, by the intrusion detection module, patterns of the requests from the process, the 
patterns representing normal behavior of the process; 

generate, by the intrusion detection module, a description of the rights to access the 
resource by the process based on the patterns; 

receive from the intrusion detection module, in response to providing the received
requests, a description of the acceptable resource access rights for the process; and the 
description of the rights to access the resource by the process; 

build a resource access table based at least in part on the description of the rights to 
access the resource, the resource access table having an ordered list of entries specifying process
paths of processes and rights to access resources by the processes generate data representative of
the resource access rights for the process; and

a memory module adapted to store data store the resource access table on a memory 
module representative of the resource access rights for the process.

34. (Currently amended) The computer program product of claim 33, wherein the data 
representative of the resource access rights for the process comprise instructions causing the 
processor to build the resource access table cause the processor to:

identify and write in the resource access table the process path of an execution path that 
identifies the process; and 

identify and write in the resource access table a directory path identifying a computer the 
resource that the process is allowed to access. 

35. (Currently amended) The computer program product of claim 34, wherein the data
representative of the acceptable resource access rights for the process further comprise 
instructions causing the processor to build the resource access table cause the processor to 

identify and write a value associated with the directory path and describing a type of 
allowable resource access by the process. 

36. (Previously presented) The computer program product of claim 34, wherein the directory 
path comprises a meta-symbol. 

37. (Previously presented) The computer program product of claim 36, wherein the meta 
symbol represents one or more items of information selected from the set consisting of: an 
identification of a user of the process accessing the resource; a path wildcard; a directory 
wildcard; a character wildcard; and a portion of a name of the resource. 

38. (Canceled) 
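
Added illustration, not part of the claims or the application: one way the resource access table of claims 21-25 could be built from observed requests and then consulted, with the intrusion detection and analysis steps folded into one script. The `<user>`, `**`, `*` and `?` meta-symbol syntax, the generalization rule, the most-specific-first ordering, the first-match and default-deny lookup, and all sample paths are assumptions made for this example.

```python
import posixpath
import re

USER = "<user>"  # assumed meta-symbol syntax; the claims name the concept only

def generalize(resource, user):
    """One observed path -> directory pattern: user name -> <user>, file stem -> *."""
    directory, name = posixpath.split(resource)
    parts = [USER if user and p == user else p for p in directory.split("/")]
    return "/".join(parts) + "/*" + posixpath.splitext(name)[1]

def build_table(observations):
    """observations: iterable of (process_path, user, resource, access)."""
    merged = {}
    for proc, user, resource, access in observations:
        merged.setdefault((proc, generalize(resource, user)), set()).add(access)
    # Ordered list of entries: longest (most specific) directory pattern first.
    return sorted(((p, d, frozenset(r)) for (p, d), r in merged.items()),
                  key=lambda e: (-len(e[1]), e[0], e[1]))

def to_regex(pattern, user):
    """Expand meta-symbols; <user> binds to the user making the request."""
    expand = {USER: re.escape(user), "**": ".*", "*": "[^/]*", "?": "[^/]"}
    tokens = re.split(r"(<user>|\*\*|\*|\?)", pattern)
    return re.compile("".join(expand.get(t, re.escape(t)) for t in tokens))

def is_allowed(table, proc, user, resource, access):
    """The first entry matching process path and directory pattern decides."""
    for entry_proc, pattern, rights in table:
        if entry_proc == proc and to_regex(pattern, user).fullmatch(resource):
            return access in rights
    return False  # no entry learned for this request: deny

# Constructed sample of requests observed during normal operation.
OBSERVED = [
    ("/usr/bin/editor", "alice", "/home/alice/docs/a.txt", "read"),
    ("/usr/bin/editor", "alice", "/home/alice/docs/b.txt", "write"),
    ("/usr/bin/editor", "bob", "/home/bob/docs/c.txt", "read"),
    ("/usr/sbin/httpd", "www", "/var/log/httpd/access.log", "write"),
]
TABLE = build_table(OBSERVED)

if __name__ == "__main__":
    for entry in TABLE:
        print(entry)
    print(is_allowed(TABLE, "/usr/bin/editor", "alice", "/home/bob/docs/c.txt", "read"))
```

Because `<user>` is bound to the requesting user at lookup time, the three editor observations collapse into one entry that covers any user's own `docs` directory but not another user's.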